skills/lee-to/ai-factory/aif-plan/Gen Agent Trust Hub

aif-plan

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git operations (init, branch, worktree, checkout, pull) and file system commands (mkdir, cp, cd) to manage development environments and synchronize context files.
  • [PROMPT_INJECTION]: The skill implements a hierarchical instruction system that treats repository files as authoritative overrides, creating an indirect prompt injection surface.
      • Ingestion points: Mandatory reading of .ai-factory/skill-context/aif-plan/SKILL.md, and optional reading of .ai-factory/DESCRIPTION.md, .ai-factory/ARCHITECTURE.md, and .ai-factory/RESEARCH.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating file contents.
      • Capability inventory: Includes system command execution via Bash and task management via TaskCreate/TaskUpdate.
      • Sanitization: Content from these files is used as-is to dictate agent behavior without validation or filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 10:39 AM